Christopher X. Candreva wrote: > On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: > >> Yes, I'm periodically doing scans of the full drive. I could just skip >> the mysql directory, but that seems pretty bad security practice. > > Why does it seem that way to you ? > > I don't think scanning raw mysql database files is going to give usefull > results. Myy gut is that you should in fact exclude them. > > If a database has specific content that could contain a virus and be a > problem (is used to store e-mail or downloadable files), then I would think > the only real way to do it is to write something to extract that data and > scan it outside of the DB file, each one separately -- as if they were > individual files.
Yep - that is what I meant by viable. To be a threat a virus or what ever has to be able to do something and while that is possible in a database file it is often unlikely. And the database engine has to extract that problem data to a system file and .... blah blah blah. Another don't bother kind of file is a virtual machine HDD file. No point scanning them with the host as the file means nothing to the host. No virus can escape. From within the vm it's a different story and that is where the scanning should take place. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html